CVE-2023-6597

Updated: 2024-05-24 02:42:36.616087

Description:

An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU python3 3.9.16 7.8 HIGH Released CLSA-2024:1720547879 2024-07-09 14:24:56
CentOS 7 ELS python3 3.6.8 7.8 HIGH Released CLSA-2024:1720548714 2024-07-23 17:19:27
CentOS 8.4 ELS python2 2.7.18 7.8 HIGH Not Vulnerable 2024-07-03 11:22:59
CentOS 8.4 ELS python3 3.6.8 7.8 HIGH Released CLSA-2024:1720178532 2024-07-05 10:17:11
CentOS 8.5 ELS python3 3.6.8 7.8 HIGH Released CLSA-2024:1720548691 2024-07-09 14:24:56
CentOS 8.5 ELS python2 2.7.18 7.8 HIGH Not Vulnerable 2024-07-03 11:22:59
CentOS Stream 8 ELS python2 2.7.18 7.8 HIGH Not Vulnerable 2024-07-17 05:37:35
CloudLinux 7 ELS python3 3.6.8 7.8 HIGH Released CLSA-2024:1727288754 2024-10-07 10:50:29
Ubuntu 16.04 ELS python3.5 3.5.2 7.8 HIGH Not Vulnerable 2024-07-29 11:26:49
Ubuntu 18.04 ELS python3.6 3.6.9-1 7.8 HIGH Not Vulnerable 2024-07-29 11:26:49